Add tests for exotic external tar asset archives, fix some more corner case bugs #74412
Conversation
…alExtendedAttributesEntry.
… user access of the DataStream property gives them a stream ready to read from the beginning.
…butes are analyzed, in case the size is found as an extended attribute and needs to be overriden.
… read. Verify their DataStream if available.
…ion is unexpected for the entry type.
…s encountered. These entries have additional data that indicates the locations of sparse bytes, which cannot be read with just the size field. So to avoid accidentally offseting the reader, we throw.
|
Tagging subscribers to this area: @dotnet/area-system-io Issue DetailsFixes #74316 src changes:
test changes:
|
Leading? |
|
Can you also check how we fare against the libarchive ones now? |
What was the reason of handling it here when the other PR is up? |
Is this the only case where this PR make us stricter than before? We're confident this isn't a real world case? |
src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarHelpers.cs
Outdated
Show resolved
Hide resolved
@am11 I wanted to cover tests for all the individual archives that you were kind enough to bring to our repo. I had to write a lot of helper code for the tests that would make it complicated to merge with your change. Since we want to include this change in the rc1 backport, I thought the fastest way to address the octal bug was to include it here, and request for your help, which is greatly appreciated. I'll make sure to give credit to you in the commit message. Apologies for the last minute notice. Would you be so kind to provide feedback on the change? In my opinion, we should keep it very limited to only nulls and whitespaces. |
src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarHelpers.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarHelpers.cs
Outdated
Show resolved
Hide resolved
Good question. I only encountered this problem in one of the archives, in a fifo entry, which is an entry type in which the data section is unexpected. The code was already not expecting data for those kinds of entries, but it would keep running until it tried to retrieve the next entry, and would encounter malformed data, because the position pointer would be offset (the pointer was not advancing beyond the unexpected data and its padding). So I'd rather throw early than unexpectedly throw FormatException later, which would confuse the user. This is the only case that would make us stricter, among these changes. |
Yes, I can do that next. We don't yet have them in runtime-assets, so I am not sure I'll have time to include it in this PR or in RC1. |
| @@ -203,6 +203,12 @@ internal static TarEntryType GetCorrectTypeFlagForFormat(TarEntryFormat format, | |||
| internal static T ParseOctal<T>(ReadOnlySpan<byte> buffer) where T : struct, INumber<T> | |||
| { | |||
| buffer = TrimEndingNullsAndSpaces(buffer); | |||
| buffer = TrimLeadingNullsAndSpaces(buffer); | |||
There was a problem hiding this comment.
nit: either {Ending,Starting} or {Trailing,Leading} pair
| @@ -205,6 +205,9 @@ | |||
| <value>The entry is a symbolic link or a hard link but the LinkName field is null or empty.</value> | |||
| </data> | |||
| <data name="TarEntryTypeNotSupported" xml:space="preserve"> | |||
| <value>Entry type '{0}' not supported.</value> | |||
There was a problem hiding this comment.
| <value>Entry type '{0}' not supported.</value> | |
| <value>Entry type '{0}' is not supported.</value> |
And below
| @@ -203,6 +203,12 @@ internal static TarEntryType GetCorrectTypeFlagForFormat(TarEntryFormat format, | |||
| internal static T ParseOctal<T>(ReadOnlySpan<byte> buffer) where T : struct, INumber<T> | |||
| { | |||
| buffer = TrimEndingNullsAndSpaces(buffer); | |||
| buffer = TrimLeadingNullsAndSpaces(buffer); | |||
There was a problem hiding this comment.
This is fine, most tools I have tried only ignore nulls and spaces. I haven't found a spec explicitly calling it out how lenient the implementation can or should be, but libarchive's behavior is that it ignores all non-octal characters.
Maybe add a comment linking to formal specification which talks about it, or if there is none:
"The formal specification does not specify it but we only trim nulls and spaces"
There was a problem hiding this comment.
Thanks @am11. Sure, I can add a comment. If I don't get any blocking feedback to address, I'll add the comment in a separate PR to not block this with a CI re-run.
There was a problem hiding this comment.
LGTM, thank you @carlossanlop !
I left some comments, but they were all nits that don't need to be fixed right now if you want to merge it asap and backport to RC1.
| @@ -311,6 +319,8 @@ private async Task ProcessDataBlockAsync(Stream archiveStream, bool copyData, Ca | |||
| { | |||
| MemoryStream copiedData = new MemoryStream(); | |||
| TarHelpers.CopyBytes(archiveStream, copiedData, _size); | |||
| // Reset position pointer so the user can do the first DataStream read from the beginning | |||
There was a problem hiding this comment.
nit: slightly better wording (don't trigger CI for this suggestion)
| // Reset position pointer so the user can do the first DataStream read from the beginning | |
| // Reset stream position so the user can do the first DataStream read from the beginning |
also: do other usages of TarHelpers.CopyBytes also need to reset the position? If so, we could move it to this method itself.
| { | ||
| int newStart = 0; | ||
| while (newStart < buffer.Length && buffer[newStart] is 0 or 32) | ||
| { | ||
| newStart++; | ||
| } | ||
|
|
||
| return buffer.Slice(newStart); | ||
| } |
There was a problem hiding this comment.
nit: you can use the new IndexOfAnyExcept here
| { | |
| int newStart = 0; | |
| while (newStart < buffer.Length && buffer[newStart] is 0 or 32) | |
| { | |
| newStart++; | |
| } | |
| return buffer.Slice(newStart); | |
| } | |
| => buffer.Slice(Math.Max(0, buffer.IndexOfAnyExcept((byte)0, (byte)' ')); |
There was a problem hiding this comment.
Since it's a nit, I can address this in a separate PR.
| Assert.NotNull(await reader.GetNextEntryAsync()); | ||
| Assert.NotNull(await reader.GetNextEntryAsync()); | ||
| Assert.NotNull(await reader.GetNextEntryAsync()); | ||
| Assert.NotNull(await reader.GetNextEntryAsync()); |
There was a problem hiding this comment.
nit: personally, I would use for loop here and add a comment explaining why we expect 8 entries
| Assert.NotNull(await reader.GetNextEntryAsync()); | |
| for (int i = 0; i < 8; i++) | |
| { | |
| Assert.NotNull(await reader.GetNextEntryAsync()); | |
| } |
There was a problem hiding this comment.
That approach works great when the test passes. It's way less great when it fails, since you don't know what i was.
| { | ||
| foreach (string name in NodeTarTestCaseNames) | ||
| { | ||
| yield return new object[] { name }; | ||
| } | ||
| } |
There was a problem hiding this comment.
nit: we could use LINQ here
| { | |
| foreach (string name in NodeTarTestCaseNames) | |
| { | |
| yield return new object[] { name }; | |
| } | |
| } | |
| => NodeTarTestCaseNames.Select(name => new object[] { name }); |
| @@ -205,6 +205,9 @@ | |||
| <value>The entry is a symbolic link or a hard link but the LinkName field is null or empty.</value> | |||
| </data> | |||
| <data name="TarEntryTypeNotSupported" xml:space="preserve"> | |||
| <value>Entry type '{0}' not supported.</value> | |||
| </data> | |||
| <data name="TarEntryTypeNotSupportedInFormat" xml:space="preserve"> | |||
| <value>Entry type '{0}' not supported in format '{1}'.</value> | |||
There was a problem hiding this comment.
| <value>Entry type '{0}' not supported in format '{1}'.</value> | |
| <value>Entry type '{0}' is not supported in format '{1}'.</value> |
| { | ||
| // Currently sparse entries are not supported. | ||
|
|
||
| // There are PAX archives archives in the golang folder that have extended attributes for treating a regular file as a sparse file. |
| { | ||
| // The four supported formats have a header that fits in the default record size | ||
| Span<byte> buffer = stackalloc byte[TarHelpers.RecordSize]; | ||
|
|
||
| archiveStream.ReadExactly(buffer); | ||
|
|
||
| TarHeader? header = TryReadAttributes(initialFormat, buffer); | ||
| if (header != null) | ||
| if (header != null && processDataBlock) |
There was a problem hiding this comment.
Isn't this better than one extra param?
| if (header != null && processDataBlock) | |
| if (header != null && initialFormat != TarEntryFormat.Pax) |
There was a problem hiding this comment.
Good question. That was my initial approach, but then I opted for the extra boolean for these reasons:
- We have multiple types of PAX entries: Global Extended Attriburtes, Extended Attributes, and the normal entries. I was introducing regressions in some of those cases.
- It's much more clear what the boolean is for, rather than a not-equal check.
| { | ||
| await using MemoryStream archiveStream = GetTarMemoryStream(CompressionMethod.Uncompressed, "golang_tar", testCaseName); | ||
| await using TarReader reader = new TarReader(archiveStream); | ||
| await Assert.ThrowsAsync<FormatException>(async () => await reader.GetNextEntryAsync()); |
There was a problem hiding this comment.
| await Assert.ThrowsAsync<FormatException>(async () => await reader.GetNextEntryAsync()); | |
| await Assert.ThrowsAsync<FormatException>(() => reader.GetNextEntryAsync().AsTask()); |
|
|
||
| await using MemoryStream archiveStream = GetTarMemoryStream(CompressionMethod.Uncompressed, testFolderName, testCaseName); | ||
| await using TarReader reader = new TarReader(archiveStream); | ||
| await Assert.ThrowsAsync<NotSupportedException>(async () => await reader.GetNextEntryAsync()); |
There was a problem hiding this comment.
Is there a way to workaround an archive with sparse files? say, we still want to traverse the rest of entries.
There was a problem hiding this comment.
Unfortunately no. Note that sparse files are a rare scenario, and from the beginning it was decided that archives containing these would not be supported for 7.0.
…r case bugs (dotnet#74412) * Remove unused _readFirstEntry. Remnant from before we created PaxGlobalExtendedAttributesEntry. * Set the position of the freshly copied data stream to 0, so the first user access of the DataStream property gives them a stream ready to read from the beginning. * Process a PAX actual entry's data block only after the extended attributes are analyzed, in case the size is found as an extended attribute and needs to be overriden. * Add tests to verify the entries of the new external tar assets can be read. Verify their DataStream if available. * Add copyData argument to recent alignment padding tests. * Throw an exception sooner and with a clearer message when a data section is unexpected for the entry type. * Allow trailing nulls and spaces in octal fields. Co-authored-by: @am11 Adeel Mujahid <3840695+am11@users.noreply.github.com> * Throw a clearer exception if the unsupported sparse file entry type is encountered. These entries have additional data that indicates the locations of sparse bytes, which cannot be read with just the size field. So to avoid accidentally offseting the reader, we throw. * Tests. * Rename to TrimLeadingNullsAndSpaces Co-authored-by: carlossanlop <carlossanlop@users.noreply.github.com>
| AssertExtensions.GreaterThan(entry.Checksum, 0); | ||
| AssertExtensions.GreaterThan((int)entry.Mode, 0); |
There was a problem hiding this comment.
Is there a test where we expext zero? i.e: when the bytes passed into ParseOctal are all leading spaces.
…r case bugs (dotnet#74412) * Remove unused _readFirstEntry. Remnant from before we created PaxGlobalExtendedAttributesEntry. * Set the position of the freshly copied data stream to 0, so the first user access of the DataStream property gives them a stream ready to read from the beginning. * Process a PAX actual entry's data block only after the extended attributes are analyzed, in case the size is found as an extended attribute and needs to be overriden. * Add tests to verify the entries of the new external tar assets can be read. Verify their DataStream if available. * Add copyData argument to recent alignment padding tests. * Throw an exception sooner and with a clearer message when a data section is unexpected for the entry type. * Allow trailing nulls and spaces in octal fields. Co-authored-by: @am11 Adeel Mujahid <3840695+am11@users.noreply.github.com> * Throw a clearer exception if the unsupported sparse file entry type is encountered. These entries have additional data that indicates the locations of sparse bytes, which cannot be read with just the size field. So to avoid accidentally offseting the reader, we throw. * Tests. * Rename to TrimLeadingNullsAndSpaces Co-authored-by: carlossanlop <carlossanlop@users.noreply.github.com>
* Improve performance of Tar library (#74281) * Avoid unnecessary byte[] allocations * Remove unnecessary use of FileStreamOptions * Clean up Dispose{Async} implementations * Clean up unnecessary consts Not a perf thing, just readability. * Remove MemoryStream/Encoding.UTF8.GetBytes allocations, unnecessary async variants, and overhaul GenerateExtendedAttributesDataStream * Avoid string allocations in ReadMagicAttribute * Avoid allocation in WriteAsOctal * Improve handling of octal * Avoid allocation for version string * Removing boxing and char string allocation in GenerateExtendedAttributeName * Fix a couple unnecessary dictionary lookups * Replace Enum.HasFlag usage * Remove allocations from Write{Posix}Name * Replace ArrayPool use with string.Create * Replace more superfluous ArrayPool usage * Remove ArrayPool use from System.IO.Compression.ZipFile * Fix inverted condition * Use generic math to parse octal * Remove allocations from StringReader and string.Split * Remove magic string allocation for Ustar when not V7 * Remove file name and directory name allocation in GenerateExtendedAttributeName * fix tar strings (#74321) * Fix some corner cases in TarReader (#74329) * Fix a few Tar issues post perf improvements (#74338) * Fix a few Tar issues post perf improvements * Update src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarHeader.Write.cs * Skip directory symlink recursion on TarFile archive creation (#74376) * Skip directory symlink recursion on TarFile archive creation * Add symlink verification * Address suggestions by danmoseley Co-authored-by: carlossanlop <carlossanlop@users.noreply.github.com> * SkipBlockAlignmentPadding must be executed for all entries (#74396) * Set modified timestamps on files being extracted from tar archives (#74400) * Add tests for exotic external tar asset archives, fix some more corner case bugs (#74412) * Remove unused _readFirstEntry. Remnant from before we created PaxGlobalExtendedAttributesEntry. * Set the position of the freshly copied data stream to 0, so the first user access of the DataStream property gives them a stream ready to read from the beginning. * Process a PAX actual entry's data block only after the extended attributes are analyzed, in case the size is found as an extended attribute and needs to be overriden. * Add tests to verify the entries of the new external tar assets can be read. Verify their DataStream if available. * Add copyData argument to recent alignment padding tests. * Throw an exception sooner and with a clearer message when a data section is unexpected for the entry type. * Allow trailing nulls and spaces in octal fields. Co-authored-by: @am11 Adeel Mujahid <3840695+am11@users.noreply.github.com> * Throw a clearer exception if the unsupported sparse file entry type is encountered. These entries have additional data that indicates the locations of sparse bytes, which cannot be read with just the size field. So to avoid accidentally offseting the reader, we throw. * Tests. * Rename to TrimLeadingNullsAndSpaces Co-authored-by: carlossanlop <carlossanlop@users.noreply.github.com> * Remove Compression changes, keep changes confined to Tar. * Fix build failure due to missing using in TarHelpers.Windows Co-authored-by: Stephen Toub <stoub@microsoft.com> Co-authored-by: Dan Moseley <danmose@microsoft.com> Co-authored-by: Adeel Mujahid <3840695+am11@users.noreply.github.com> Co-authored-by: carlossanlop <carlossanlop@users.noreply.github.com> Co-authored-by: David Cantú <dacantu@microsoft.com>
ghost
locked as resolved and limited conversation to collaborators
Addresses #74316 (excludes libarchive, which were not added as assets)
src changes:
_readFirstEntryfield inTarReader.processDataBlockbool argument toTryGetNextHeaderso that in the case of Pax, we don't read the data block until after we process the extended attributes, in casesizeis encountered among them and we override the original value.DataStreamreturns a stream positioned in the first byte, instead of the last byte.test changes: